00001 <?
// Page bootstrap for the per-user security screen: load the shared helpers,
// open the HTML page, then stop unless a dossier is selected and the current
// user holds the SECU action on it.
include_once "ac_common.php";
include_once "check_priv.php";

html_page_start($_SESSION['g_theme']);

// Nothing to administer without a dossier in the session.
if ( isset($_SESSION['g_dossier']) == false ) {
    echo "You must choose a Dossier ";
    exit -2;
}

include_once "postgres.php";

// Connection opened without a dossier argument; it is handed to cl_user.
$rep = DbConnect();

include_once "class_user.php";
$User = new cl_user($rep);
// Check() is defined in class_user.php -- presumably validates the logged-in
// user; confirm there.
$User->Check();

include_once "user_menu.php";

// Connection to the dossier selected in the session.
$cn_dossier = DbConnect($_SESSION['g_dossier']);

// Authorization gate: the rest of this script reads and changes other users'
// privileges, and this is the only check on the *caller's* rights visible here.
if ( $User->CheckAction($cn_dossier, SECU) == 0 ) {
    NoAccess();
    exit -1;
}
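// Page heading: name of the current dossier. The value is HTML-escaped because
// it is stored data, not markup.
// NOTE(review): htmlspecialchars() on PHP >= 5.4 assumes UTF-8 by default;
// confirm the encoding of the stored names.
echo "<H2 class=\"info\">".htmlspecialchars($_SESSION['g_name'], ENT_QUOTES)." </H2>";

echo ShowMenuParam("user_sec.php");

// List the users attached to the current dossier, leaving out the 'phpcompta'
// login. The dossier id is forced to an integer with %d, as this file already
// does when it builds the "dossier%d" name, so it cannot alter the query.
// $User is reused for the result set and replaces the cl_user object.
$cn=DbConnect();
$User=ExecSql($cn,
    sprintf("select use_id,use_first_name,use_name,use_login from ac_users natural join jnt_use_dos where use_login != 'phpcompta' and dos_id=%d",
        $_SESSION['g_dossier']));
$MaxUser=pg_NumRows($User);

echo '<DIV >';

echo '<TABLE CELLSPACING="20" ALIGN="CENTER">';
// The original never opened the first row although it closes one at the end.
echo '<TR>';
for ($i = 0;$i < $MaxUser;$i++) {
    $l_line=pg_fetch_array($User,$i);

    // Three users per row.
    if ( $i % 3 == 0 && $i != 0)
        echo "</TR><TR>";

    // Names and login are user-supplied account data: escape them for HTML,
    // and URL-encode the id placed in the query string.
    printf ('<TD><A href="user_sec.php?action=view&user_id=%s">%s %s ( %s )</A></TD>',
        urlencode($l_line['use_id']),
        htmlspecialchars($l_line['use_first_name'], ENT_QUOTES),
        htmlspecialchars($l_line['use_name'], ENT_QUOTES),
        htmlspecialchars($l_line['use_login'], ENT_QUOTES) );
}
echo "</TR>";
echo '</TABLE>';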
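// Requested operation; this page handles "view", "change_jrn" and "change_act".
$action="";

if ( isset ($_GET["action"] )) {
    $action=$_GET["action"];
}

// The original copied every GET parameter into a same-named variable
// (foreach over $HTTP_GET_VARS). That lets a request overwrite any variable
// already in scope -- database handles, $User, $action -- which is the
// register_globals problem, and $HTTP_GET_VARS no longer exists on PHP >= 5.4.
// Only the parameter names this page's own links send are imported now, and
// only when they are plain strings.
// The values are still raw request input: validate or escape them before they
// reach SQL or HTML.
// NOTE(review): if an included file relied on some other imported name, add it
// to this list explicitly.
foreach (array('user_id','login','jrn','access','act') as $name) {
    if ( isset($_GET[$name]) && is_string($_GET[$name]) ) {
        ${$name}=$_GET[$name];
    }
}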
00086
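if ( $action == "change_jrn" ) {
    // Set the privilege of one login on one journal of the current dossier,
    // then fall through to the "view" display.
    //
    // NOTE(review): this is a state change triggered by a plain GET link with
    // no anti-CSRF token; it should move to POST with a per-session token.

    // Read the three parameters once, as strings, instead of trusting
    // variables that may or may not have been imported from the request.
    $login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
    $access = (isset($_GET['access']) && is_string($_GET['access'])) ? $_GET['access'] : '';
    // The journal id is used unquoted in the SQL below, so force an integer.
    $jrn = isset($_GET['jrn']) ? intval($_GET['jrn']) : 0;

    // The target login must belong to this dossier.
    // NOTE(review): CheckDossier() receives the raw login as before; confirm
    // that it escapes the value itself.
    if ( CheckDossier($login,$_SESSION['g_dossier']) == 0 ) {
        echo "<H2 class=\"error\">he cannot access this folder</H2>";
        $action="";
        return;
    }

    // The original interpolated the request values straight into the SQL text
    // (SQL injection). String values are escaped for PostgreSQL here.
    // The one-argument form is used to stay compatible with the old PHP this
    // file targets; on newer PHP pass the connection as the first argument
    // (assumes DbConnect() returns a pgsql connection -- confirm).
    // NOTE(review): if magic_quotes_gpc is enabled on the host, strip its
    // slashes before escaping. The links on this page only send R, W or X as
    // "access"; consider rejecting anything else.
    $q_login=pg_escape_string($login);
    $q_access=pg_escape_string($access);

    $l_Db=sprintf("dossier%d",$_SESSION['g_dossier']);
    $cn_dossier=DbConnect($_SESSION['g_dossier']);

    $l_select="select * from user_sec_jrn where uj_login='$q_login' and uj_jrn_id=$jrn";
    echo_debug('user_sec.php',__LINE__,$l_select);
    $l2_Res=ExecSql($cn_dossier,$l_select);
    $l2_count=pg_NumRows($l2_Res);

    // Update the existing row if there is exactly one, otherwise insert.
    if ( $l2_count == 1 ) {
        $Res=ExecSql($cn_dossier,"update user_sec_jrn set uj_priv='$q_access' where uj_login='$q_login' and uj_jrn_id=$jrn");
    } else {
        $Res=ExecSql($cn_dossier,"insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv) values( '$q_login' ,$jrn,'$q_access')");
    }

    $action="view";
}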
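if ( $action == "change_act" ) {
    // Grant or revoke one action for one login in the current dossier, then
    // fall through to the "view" display.
    //
    // NOTE(review): this is a state change triggered by a plain GET link with
    // no anti-CSRF token; it should move to POST with a per-session token.

    // The original used $act and $login without assigning them here, relying
    // on every GET parameter having been copied into a variable. They are
    // read explicitly now.
    $login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
    // The action id is used unquoted in the SQL below, so force an integer.
    $act = isset($_GET['act']) ? intval($_GET['act']) : 0;
    // access=0 revokes, anything else grants. A missing or non-numeric value
    // counts as 0, so malformed requests revoke rather than grant.
    $l_grant = isset($_GET['access']) ? intval($_GET['access']) : 0;

    // The target login must belong to this dossier.
    // NOTE(review): CheckDossier() receives the raw login as before; confirm
    // that it escapes the value itself.
    if ( CheckDossier($login,$_SESSION['g_dossier']) == 0 ) {
        echo "<H2 class=\"error\">he cannot access this folder</H2>";
        $action="";
        return;
    }

    // Escape the login before it goes into the SQL text (the original
    // concatenated the request value directly).
    // The one-argument form is used to stay compatible with the old PHP this
    // file targets; on newer PHP pass the connection as the first argument
    // (assumes DbConnect() returns a pgsql connection -- confirm).
    $q_login=pg_escape_string($login);

    $l_Db=sprintf("dossier%d",$_SESSION['g_dossier']);
    $cn_dossier=DbConnect($_SESSION['g_dossier']);
    if ( $l_grant == 0 ) {
        echo_debug('user_sec.php',__LINE__,"delete right");
        $Res=ExecSql($cn_dossier,
            "delete from user_sec_act where ua_login='$q_login' and ua_act_id=$act");
    } else {
        echo_debug('user_sec.php',__LINE__,"insert right");
        $Res=ExecSql($cn_dossier,
            "insert into user_sec_act(ua_login,ua_act_id) values( '$q_login' ,$act)");
    }
    $action="view";
}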
00131
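if ( $action == "view" ) {
    // Detail screen for one user: heading, print link, then one table with
    // the user's right on every journal and on every action of the dossier.
    // Each changeable right is a link back to this page (change_jrn or
    // change_act).
    //
    // NOTE(review): htmlspecialchars() on PHP >= 5.4 assumes UTF-8 by
    // default; confirm the encoding of the stored names.
    $l_Db=sprintf("dossier%d",$_SESSION['g_dossier']);
    $cn_dossier=DbConnect($_SESSION['g_dossier']);
    $cn=DbConnect();

    // user_id comes from the query string and is used unquoted in the SQL:
    // force an integer (the original concatenated the raw value).
    $l_view_id=isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
    $User=ExecSql($cn,
        "select use_id,use_first_name,use_name,use_login
 from ac_users where use_id=".$l_view_id);
    $MaxUser=pg_NumRows($User);
    if ( $MaxUser == 0 ) return;
    $l2_line=pg_fetch_array($User,0);

    // Stored account data is escaped before it is written into the page.
    printf ('<H2 class="info"> Détail utilisateur %s %s (%s) </H2>',
        htmlspecialchars($l2_line['use_first_name'], ENT_QUOTES),
        htmlspecialchars($l2_line['use_name'], ENT_QUOTES),
        htmlspecialchars($l2_line['use_login'], ENT_QUOTES));

    // The viewed user must belong to the current dossier.
    if ( CheckDossier($l2_line['use_login'],$_SESSION['g_dossier']) == 0 ) {
        echo "<H2 class=\"error\">he cannot access this folder</H2>";
        $action="";
        return;
    }

    // Print link for the viewed user. The original read $l_line here, which
    // at this point still holds the last row of the user list printed at the
    // top of the page, so the link pointed at the wrong user.
    printf ('<TD><A href="sec_pdf.php?user_id=%s">Imprime</A></TD>',
        urlencode($l2_line['use_id'])
    );

    // Values placed in the change links are URL-encoded so that a login
    // containing &, quotes or spaces cannot break the link or the attribute.
    $l_url_login=urlencode($l2_line['use_login']);
    $l_url_id=urlencode($l2_line['use_id']);

    $Res=ExecSql($cn_dossier,"select jrn_def_id,jrn_def_name from jrn_def ");
    $admin=CheckIsAdmin($l2_line['use_login']);

    echo '<table align="CENTER" width="100%">';

    // ---- Journals -------------------------------------------------------
    // $right: 0 = no access, 1 = read, 2 = write, 3 = forced for an
    // administrator (shown as write, with no change links).
    $MaxJrn=pg_NumRows($Res);
    for ( $i =0 ; $i < $MaxJrn; $i++ ) {
        $l_line=pg_fetch_array($Res,$i);
        echo '<TR> ';
        if ( $i == 0 ) echo '<TD> <B> Journal </B> </TD>';else echo "<TD></TD>";
        echo "<TD> ".htmlspecialchars($l_line['jrn_def_name'], ENT_QUOTES)." </TD>";

        $l_change="action=change_jrn&jrn=".urlencode($l_line['jrn_def_id'])."&login=".$l_url_login."&user_id=".$l_url_id;

        if ( $admin == 0) {
            $right= CheckJrn($_SESSION['g_dossier'],$l2_line['use_login'],$l_line['jrn_def_id'] );
            echo_debug('user_sec.php',__LINE__,"Privilege is $right");
        } else $right = 3;

        if ( $right == 0 ) {
            echo "<TD BGCOLOR=RED>";
            echo "Pas d'accès";
            echo "</TD>";
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=R"> Lecture</A></TD>';
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=W"> Ecriture</A></TD>';
        }
        if ( $right == 1 ) {
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=X"> Pas d\'accès</A></TD>';
            echo "<TD BGCOLOR=\"#3BCD27\">";
            echo "Lecture ";
            echo "</TD>";
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=W"> Ecriture</A></TD>';
        }
        if ( $right == 2 ) {
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=X"> Pas d\'accès</A></TD>';
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'&access=R"> Lecture</A></TD>';

            echo "<TD BGCOLOR=\"#3BCD27\">";
            echo "Ecriture ";
            echo "</TD>";
        }
        if ( $right == 3 ) {
            echo '<TD class="mtitle"> Pas d\'accès</TD>';
            echo '<TD class="mtitle"> Lecture </TD>';

            echo "<TD BGCOLOR=\"#3BCD27\">";
            echo "Ecriture ";
            echo "</TD>";
        }

        echo '</TR>';
    }

    // ---- Actions --------------------------------------------------------
    // $right: 0 = not granted, 1 = granted, 2 = forced for an administrator
    // (shown as granted, with no change link).
    $Res=ExecSql($cn_dossier,
        "select ac_id, ac_description from action order by ac_description ");

    $MaxJrn=pg_NumRows($Res);

    for ( $i =0 ; $i < $MaxJrn; $i++ ) {
        $l_line=pg_fetch_array($Res,$i);
        echo '<TR> ';
        // The original left the <B> tag unclosed here.
        if ( $i == 0 ) echo '<TD> <B> Action </B></TD>';else echo "<TD></TD>";
        echo "<TD>". htmlspecialchars($l_line['ac_description'], ENT_QUOTES)." </TD>";

        $l_change="action=change_act&act=".urlencode($l_line['ac_id'])."&login=".$l_url_login."&user_id=".$l_url_id;
        if ( $admin ==0 ) {
            $right=CheckAction($_SESSION['g_dossier'],$l2_line['use_login'],$l_line['ac_id']);
        } else {
            $right = 2;
        }
        if ( $right == 0 ) {
            echo "<TD BGCOLOR=RED>";
            echo "Pas d'accès";
            echo "</TD>";
            $l_change=$l_change."&access=1";
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'"> Accès </A></TD>';
        }
        if ( $right == 1) {
            $l_change=$l_change."&access=0";
            echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="user_sec.php?'.$l_change.'"> Pas d\'accès </A></TD>';
            echo "<TD BGCOLOR=\"#3BCD27\">";
            echo "Accès ";
            echo "</TD>";
        }
        if ( $right == 2) {
            echo '<TD class="mtitle"> Change </TD>';
            echo "<TD BGCOLOR=\"#3BCD27\">";
            echo "Accès ";
            echo "</TD>";
        }

        echo '</TR>';
    }

    echo '</TABLE>';

}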
// Close the <DIV> opened before the user list, then let the shared helper
// finish the page.
echo '</DIV>';
html_page_stop();
00266 ?>